Phishing Campaigns Targeting Higher Education Institutions

Feb. 24, 2025, 4:52 p.m.

Description

Since August 2024, there has been a significant increase in phishing attacks targeting U.S. universities. Three distinct campaigns have emerged, exploiting trust within academic institutions to deceive students, faculty, and staff. One campaign used compromised educational institutions to host Google Forms for phishing. Another involved cloning university login pages and re-hosting them on attacker-controlled infrastructure. A third campaign targeted staff and students in a two-step process, first phishing faculty credentials and then using compromised accounts to target students. These attacks aim to steal login credentials and financial information, often timed to coincide with key dates in the academic calendar. The campaigns employ various tactics to increase perceived legitimacy and perform payment redirection attacks.

Date

  • Created: Feb. 24, 2025, 3:43 p.m.
  • Published: Feb. 24, 2025, 3:43 p.m.
  • Modified: Feb. 24, 2025, 4:52 p.m.

Indicators

  • http://kutly.win/Nyq0r4
  • http://cutly.today/JNx0r7
  • kutly.win
  • cutly.today

Attack Patterns

  • T1102.003
  • T1566.003
  • T1021.006
  • T1583.001
  • T1589.001
  • T1589
  • T1102.002
  • T1589.002
  • T1193
  • T1534
  • T1185
  • T1204.001
  • T1566.002
  • T1199
  • T1036.005
  • T1102
  • T1192
  • T1036
  • T1566
  • T1078

Additional Information

  • Education
  • United States of America